require 'login_system'

class AdminController < ApplicationController
  before_filter :login_required
  
  
  # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
  verify :method => :post, :only => [ :destroy, :create, :update ],
  :redirect_to => { :action => :list }
  
  def index
    admin_authorization_check 
    @child_pages, @children = paginate :children, :per_page => 10
  end
  
  def admin_authorization_check
    if session['user'].login != "admin"
      redirect_to(:action => "choose")
    end
  end
  
  def show
    admin_authorization_check
    @child = Child.find(params[:id])
  end
  
  def choose
  end
  
  def new
    admin_authorization_check
    @child = Child.new
  end
    
  def create
    admin_authorization_check
    @child = Child.new(params[:child])
    if @child.save
      flash[:notice] = 'Child was successfully created.'
      redirect_to :action => 'list'
    else
      render :action => 'new'
    end
  end
  
  def edit
    admin_authorization_check
    @child = Child.find(params[:id])
  end
  
  def update
    admin_authorization_check
    @child = Child.find(params[:id])
    if @child.update_attributes(params[:child])
      flash[:notice] = 'Child was successfully updated.'
      redirect_to :action => 'show', :id => @child
    else
      render :action => 'edit'
    end
  end
  
  def destroy
    admin_authorization_check
    Child.find(params[:id]).destroy
    redirect_to :action => 'list'
  end
end